1. Field of the Invention
The present invention relates to cyber security and, more particularly, to a system, method and process for Detecting Advanced and Targeted Attacks with the Recoupling of Kerberos Authentication and Authorization.
2. Background Information
Kerberos is an Authentication protocol, standardized and maintained by the IETF (mainly in RFC 4120 [1]) and implemented by many Operating Systems (OS), including but not limited to Windows, Linux and Mac OSX. The Kerberos authentication protocol enables the transparent Single Sign On (SSO) experience. The SSO enables users to actively authenticate (i.e. provide a password) only once even though the same user accesses various services—whether in the corporate network or in the Cloud. In federation scenarios, the Kerberos ticket is translated into SAML (Security Assertion Markup Language) tokens.

[1] https://www.ietf.org/rfc/rfc4120.txt, The Kerberos Network Authentication Service (V5), C. Neuman, T. Yu, S. Hartman, K. Raeburn, MIT, July 2005